Privacy Policy

1. Introduction

Masjidly ("we", "our", "us") is a community-driven platform operated from India, dedicated to connecting Muslims with their local masjids. We understand that your personal information is important to you, and we are committed to handling it with care and transparency. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Masjidly platform.

By creating an account, accessing, or using Masjidly, you consent to the practices described in this policy. We encourage you to read this document carefully so that you understand what data we collect, why we collect it, and how you can exercise control over your information.

This policy applies to all users of Masjidly, including guests who browse without an account, registered members, and community admins. If you do not agree with any part of this policy, please discontinue use of the platform.

2. Information We Collect

When you create an account on Masjidly, we collect basic profile information including your name, email address, phone number, and profile picture. This information is necessary to identify you within the platform, enable community features, and allow other members to recognize you within their masjid communities.

We collect location data to power the core functionality of Masjidly. When you grant location permission, we access your GPS coordinates to calculate accurate prayer times and display nearby masjids sorted by distance. If you do not grant GPS access, we use your IP address to determine an approximate location as a fallback. This ensures you always have access to relevant prayer times, even without precise positioning.

Masjidly also collects data related to your community activity. This includes which communities you have joined, your role within each community (member or admin), and any verification data you submit as part of an admin application. This data is essential for managing community memberships and ensuring that admin privileges are granted to verified individuals.

We store your personal preferences to deliver a tailored experience. This includes your chosen salah calculation method, school of thought, notification settings, and any saved addresses you have added for quick access to prayer times at different locations.

3. How We Use Your Information

Your location data is used to calculate accurate salah times based on your geographic coordinates, applying the calculation method and school of thought you have selected. Location is also used to display a list of nearby masjids sorted by distance, so you can quickly find the closest place to pray.

We use your account and community data to enable social and organizational features on the platform. This includes allowing you to join communities, receive announcements from your masjid, and, for admins, manage community settings such as jamat timings, announcements, and member oversight.

Aggregated and anonymized usage data may be used to improve the platform, identify and fix technical issues, and understand how users interact with different features. This helps us prioritize development efforts and deliver a better experience for the community.

We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes. Your information is used solely to operate and improve Masjidly. We will never monetize your data or use it in ways unrelated to the platform's core mission of serving the Muslim community.

4. Location Data

Location is central to Masjidly's core functionality. We rely on your coordinates to find nearby masjids, calculate prayer times specific to your position, and verify that admin applicants are within reasonable proximity to the masjid they wish to manage. Without location data, the platform cannot deliver its primary services.

To ensure a fast and seamless experience, your GPS coordinates are cached locally on your device for up to 24 hours. This means that when you reopen the app, your prayer times and nearby masjids load instantly without requiring a fresh GPS lookup. We also store a copy of your last known coordinates in your browser's local storage for the same purpose.

Masjidly does not track your movement or maintain a history of your locations over time. Each time you open the platform, your current location is requested (or the cached version is used), but no trail of past locations is recorded or stored on our servers.

You can revoke location permission at any time through your browser settings or the app's Settings page. If you revoke access, Masjidly will fall back to IP-based approximate location or your saved addresses. You will still be able to use the platform, though the accuracy of nearby masjid results and prayer times may be reduced.

5. Data Storage and Security

Your data is stored securely using Supabase, a cloud database platform that provides encryption at rest and encryption in transit. This means your information is protected both when it is stored on disk and when it is being transmitted between systems.

All communication between your browser (or the mobile app) and our servers is encrypted using HTTPS. This ensures that any data exchanged during your session, including login credentials, location data, and profile updates, cannot be intercepted by unauthorized parties.

Database access is tightly controlled and restricted to server-side operations using service role credentials. Client-side requests are authenticated and validated before any data is read or written. We follow the principle of least privilege, ensuring that each component of the system only has access to the data it needs.

Masjidly does not store passwords directly. Authentication is handled through secure, token-based sessions. If you sign in using a phone number, a one-time verification code is used. If you sign in with Google, authentication is managed through Google's OAuth protocol. In both cases, no plaintext password is ever stored in our database.

6. Third-Party Services

Masjidly integrates with a limited number of third-party services to deliver its features. We are selective about which services we use and prioritize those that respect user privacy.

We use Google Maps Platform, specifically the Geocoding API, to convert GPS coordinates into human-readable addresses and to power the map-based location picker on the platform. When you use these features, your coordinates are sent to Google for processing. Google's privacy policy governs how they handle this data.

If you choose to sign in with Google, we use Google OAuth to authenticate your identity. Through this process, we receive your name, email address, and profile picture from Google. We do not receive or have access to your Google password, and we do not access any other data from your Google account beyond what is needed for authentication.

Masjidly does not use advertising networks, analytics trackers, or third-party cookies. We do not embed social media tracking pixels, retargeting scripts, or any form of cross-site tracking technology. Your activity on Masjidly stays on Masjidly.

7. Your Rights

You have the right to access all personal data that Masjidly holds about you. Your profile information, community memberships, saved addresses, and preferences are all visible and accessible through the platform's Settings page.

You can update your name, email, phone number, and profile picture at any time from the Settings page. Changes take effect immediately across the platform. You can also delete any saved addresses whenever you choose, without needing to contact support.

You have full control over location permissions. You can grant or revoke GPS access through your browser or device settings at any time. You can also manage your notification preferences, salah calculation method, and other settings independently.

To request complete deletion of your account and all associated data, please contact us at salam@masjidly.net. Upon receiving your request, we will verify your identity and proceed with permanent removal of your personal data from our servers. Please note that this action is irreversible, and you will need to create a new account if you wish to use Masjidly again.

8. Cookies and Local Storage

Masjidly uses session cookies for authentication purposes. These cookies are managed by NextAuth and are essential for keeping you signed in as you navigate the platform. They do not contain personal information and expire when your session ends or after a defined period of inactivity.

We use your browser's localStorage to cache your last known location coordinates. This allows the app to load your prayer times and nearby masjids instantly when you return, without waiting for a fresh GPS lookup. This cached data remains on your device and is not transmitted to our servers unless a location update is triggered.

IndexedDB, another browser-based storage mechanism, is used to store your salah calculation preferences locally. This ensures that your preferred calculation method and school of thought are available immediately when the app loads, even before your profile data is fetched from the server.

Masjidly does not use advertising cookies, tracking pixels, or third-party analytics cookies. All local storage, including cookies, localStorage entries, and IndexedDB data, is cleared when you log out of the platform.

9. Children's Privacy

Masjidly is a community and religious platform that is accessible to users of all ages. The nature of the platform, helping users find masjids and prayer times, is inherently family-friendly, and we do not host content that is inappropriate for younger audiences.

We do not knowingly collect personal information from children under the age of 13 beyond the basic account information required for registration, such as name and email address. We do not target children with advertising or marketing, nor do we use their data for profiling or behavioral analysis.

If you are a parent or guardian and believe that your child has provided personal information to Masjidly without your consent, please contact us at salam@masjidly.net. We will take prompt steps to verify the claim and, if confirmed, delete the child's personal information from our systems.

10. Data Retention

Your account data, including your profile information, community memberships, and preferences, is retained for as long as your account remains active on Masjidly. We do not impose expiration dates on active accounts.

Location cache data is stored locally on your device and is automatically cleared when you log out or clear your browser data. This data is not retained on our servers beyond the immediate use of calculating prayer times and displaying nearby masjids.

Community membership data is retained for the duration of your membership in each community. If you leave a community, your membership record is removed. If you served as an admin, your admin activity logs may be retained for a reasonable period to maintain community integrity and accountability.

If you choose to delete your account, your personal data will be permanently removed from our servers. Anonymized or aggregated data, which cannot be used to identify you, may be retained for the purpose of service improvement and understanding platform usage trends.

11. Compliance

Masjidly is operated from India and complies with applicable Indian data protection laws, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (DPDP Act). We take our obligations under these laws seriously and have implemented appropriate technical and organizational measures to protect your data.

In accordance with the DPDP Act, we process your personal data only for lawful purposes and with your consent. We implement reasonable security practices and procedures as required under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

If you are accessing Masjidly from outside India, please be aware that your data may be transferred to and processed in India. By using the platform, you consent to this transfer. We ensure that your data receives the same level of protection regardless of where it is processed.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and the relevant authorities as required by applicable law. We maintain incident response procedures to detect, investigate, and respond to security incidents promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the features we offer, or evolving legal requirements. When we make changes, the updated policy will be posted on this page with a revised "Last Updated" date at the top.

For significant changes that materially affect how we handle your personal data, we will make reasonable efforts to notify you through the platform, such as a notification or a prominent notice on the app. However, we encourage you to review this policy periodically to stay informed about how we protect your information.

Your continued use of Masjidly after any changes to this Privacy Policy are posted constitutes your acceptance of the updated terms. If you do not agree with the revised policy, you should discontinue use of the platform and, if desired, request deletion of your account.